Right Management Services

Rights Management Services for Windows Server 2003/2008

Helping Organizations Safeguard Digital Information from Unauthorized Use
Loss of confidential information is causing significant damage to organizations. All digital information is susceptible to attack. That includes everything from confidential meeting notes and customer-facing online content to military defense strategies and other classified government information. While organizations such as financial institutions, government agencies, healthcare organizations, and professional services firms address many security concerns adequately, their strategies usually focus on access and delivery of information. In addition to the threat of computer-related crime, these sectors are increasingly challenged by the need to tighten protections for digital information to comply with emerging legislative standards.

To augment perimeter-based (firewalls, repositories) or transport-based (encrypted delivery) security technologies, there is a need to better protect information after it has been accessed by or delivered to an authorized individual, helping to prevent sensitive information from intentionally or accidentally getting into the wrong hands.

Why Current Solutions Cannot Address This Growing Problem

The information technology industry has worked diligently to keep up with the increasing need to safeguard digital information. Network access can be limited with firewalls; access to certain digital information can be restricted with access control lists (ACLs). Such technologies meet important needs. Strategies that rely solely on such perimeter-based methods resemble an egg: If the network “shell” is cracked, digital information could be exposed. If someone does gain access to the network, there is currently no additional layer of protection.

Secure/Multipurpose Internet Mail Extensions (S/MIME), which is an Internet Engineering Task Force (IETF) standard based on X.509 certificates and a Public Key Infrastructure (PKI) implementation, provides digital signing, non-repudiation, and point-to-point encryption. S/MIME is a valuable and widely used application protocol to attest to the identity of the sender, to keep e-mail secure while in transit, and to validate the credentials of the recipient. However, recipients are still free to do whatever they want with any information that falls into their hands. For example, it could be forwarded to another person, copied to another computer, or posted online. Even accidental security breaches can cause serious harm to an organization. Sensitive e-mail or documents could be forwarded mistakenly to a recipient with potentially malicious intent.

In many cases, information is at risk within the firewall perimeter once employees transport that information from corporate servers to their own desktops, laptops, or when it is saved to some form of removable media such as CD-ROM or USB flash memory stick. The risk is magnified once employees transport information beyond the corporate firewall. The laptop or removable media could easily be lost, stolen, or given to an individual that is not authorized to view the information. Today’s perimeter-based solutions are unable to help protect information after it has been accessed or delivered to an authorized individual. For a more comprehensive solution, organizations need technology that will help them safeguard information--no matter where it goes.